c9a61e5614
Set coturn_public_ip6 in inventory to advertise IPv6 relay candidates (2nd external-ip) AND emit matching v6 denied-peer-ip ranges (::1, fe80::/10, fc00::/7) for SSRF parity with the v4 lockdown. Unset → byte-identical pure-IPv4 config as before, so it's zero-risk opt-in. Droplet now has IPv6 on; this makes the conf dual-stack-ready. Code architected by Disco DeDisco <discodedisco@outlook.com> Git commit message Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
21 lines
1.2 KiB
INI
21 lines
1.2 KiB
INI
[staging]
|
|
staging.earthmanrpg.me ansible_user=discoman ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd letsencrypt_domain=staging.earthmanrpg.me
|
|
|
|
[production]
|
|
www.earthmanrpg.me ansible_user=discoman ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd
|
|
earthmanrpg.me ansible_user=discoman ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd
|
|
dashboard.earthmanrpg.me ansible_user=discoman ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd
|
|
|
|
[cicd]
|
|
gitea.earthmanrpg.me ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd
|
|
|
|
# Dedicated coturn (TURN/STUN) droplet for WebRTC mesh voice — provisioned by
|
|
# coturn-playbook.yaml. UNCOMMENT + fill once the droplet + static IP exist
|
|
# (see the playbook header). coturn_secret must equal the app's
|
|
# COTURN_SHARED_SECRET. coturn_private_ip / coturn_tls_* are optional.
|
|
# coturn_public_ip6 (optional): set the droplet's public IPv6 to serve
|
|
# dual-stack TURN (adds a v6 external-ip + matching v6 peer-denial lockdown);
|
|
# leave unset for a pure-IPv4 relay.
|
|
# [coturn]
|
|
# turn.earthmanrpg.me ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519_wsl_python-tdd coturn_secret=CHANGEME coturn_realm=earthmanrpg.me coturn_public_ip=CHANGEME
|